[sudo-users] CGI not allowing sudo command

David Logan david at lcscreative.com
Sun Jan 2 02:03:16 EST 2005

Todd C. Miller wrote:

>I don't see anything obviously wrong with what you have there,
>though did you mean:
>    Runas_Alias MAILLIST = mailman
>    Runas_Alias MAILLIST = %mailman
>The '%' indicates a group.  Using '%mailman' *should* work so long
>as user mailman is in the mailman group but it looked a bit odd.
>When running it by hand does it still work if you run "su - mailman"
>(as opposed to "su mailman")?
> - todd
Hi Todd,

Thanks for the prompt reply, yes it works fine. I did a sudo -l when
logged in as nobody and this was the result, I had tried it as just
'mailman' and then decided to give it a punt as a group but that didn't
work either :

/usr/local/bin/sudo -l
User nobody may run the following commands on this host:
    (%mailman) /usr/local/mailman/bin/

I really don't know what I've done. I am going to have to give nobody a
group membership of mailman and see if that works. The script works fine
if it is run by mailman

/ $ su mailman
/ $ echo david at lcscreative.com | /usr/local/mailman/bin/add_members -r
- -w n testlist
Subscribed: david at lcscreative.com
/ $ echo david at lcscreative.com | /usr/local/mailman/bin/remove_members
-f - -n testlist
/ $

I've just played around a bit more, looks like it could be a bug in
python or mailman. I am getting a permission denied message when trying
to open a config.pck file even though I am a member of the mailman
group. If I run newgrp and set my primary group to mailman, everything
works as it should.

Looks like python is not looking at all the valid groups for a user.
I'll go play some more but looks like sudo is not the issue. Mailman
runs as setgid which is why I was running as group mailman then it
shouldn't have mattered who the user was. (Well thats the theory 8-))


More information about the sudo-users mailing list